Cybersecurity Architecture and Engineering Flashcards

1
Q

What are two ways to measure risk?

A

Quantitative and Qualitative

2
Q

Which risk response is also included when risk mitigation is performed?

A

Acceptance

3
Q

This describes the probability of a threat being realized.

A

Likelihood

4
Q

This describes the amount of loss during a one-year timespan.

A

Annualized Loss Expectancy (ALE)

5
Q

This phase of the risk management life cycle identifies effective means by which identified risks can be reduced.

A

Control

6
Q

A _________________ should include detailed descriptions of the necessary steps required to successfully complete a task.

A

Process

7
Q

This function of the NIST CSF defines capabilities needed for the timely discovery of security incidents.

A

Detect

8
Q

A formal mechanism designed to measure performance of a program against desired goals.

A

Key Performance Indicator (KPI)

9
Q

Which cloud service type represents the lowest amount of responsibility for the customer?

A

SaaS

10
Q

This describes when a customer is completely dependent on a vendor for products or services.

A

Vendor lock-in

11
Q

This describes when a copy of vendor-developed source code is provided to a trusted third party, in case of disaster.

A

Source code escrow

12
Q

This describes all of the suppliers, vendors, and partners needed to deliver a final product.

A

The Supply Chain

13
Q

A set of cybersecurity standards developed by the United States Department of Defense (DoD) and designed to help fortify the DoD supply chain.

A

CMMC

14
Q

True or False. The use of cloud service providers always reduces risk.

A

False

15
Q

Which type of data can be used to identify an individual and includes information about past, present, or future health?

A

Protected Health Information (PHI)

16
Q

Which type of data describes intangible products of human thought and ingenuity?

A

Intellectual Property (IP)

17
Q

Which data destruction method is focused on the sanitization of the key used to perform decryption of data?

A

Crypto erase

18
Q

Which concept identifies that the laws governing the country in which data is stored have control over the data?

A

Data sovereignty

19
Q

A non-regulatory agency in the United States that establishes standards and best-practices across the entire science and technology field is known as:

A

NIST

20
Q

What regulation enforces rules for organizations that offer services to entities in the European Union (EU) or that collect and/or analyze data on subjects located there?

A

GDPR

21
Q

Which U.S. federal law is designed to protect the privacy of children?

A

COPPA

22
Q

Which process is designed to provide assurance that information systems are compliant with federal standards?

A

Assessment and Authorization

23
Q

This describes the identification of applicable laws depending on the location of the organization, data, or customer/subject.

A

Jurisdiction

24
Q

What concept is often linked to the “prudent man rule”?

A

Due care

25
Q

This describes when an organization’s legal team receives notification instructing them to preserve electronically stored information.

A

Legal hold

26
Q

What type of agreement is often described as an “umbrella” contract that establishes the agreement between two entities to conduct business?

A

Master Services Agreement (MSA)

27
Q

Which agreement governs services that are both measurable and repeatable and also generally includes enforcement mechanisms that result in financial penalties for non-compliance?

A

Service Level Agreement (SLA)

28
Q

What is the last step in a business continuity plan?

A

Maintenance

29
Q

NIST defines this as “An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.”

A

Business Impact Analysis

30
Q

This generally defines the amount of data that can be lost without irreparable harm to the operation of the business.

A

Recovery Point Objective

31
Q

Which type of assessment seeks to identify specific types of sensitive data so that its use and handling can be properly disclosed?

A

Privacy Impact Assessment

32
Q

Using other branch locations to manage a disaster response is referred to as:

A

Alternate Operating Facilities

33
Q

Which type of DR site has lowest operating expense and complexity?

A

Cold Site

34
Q

This type of site is one that can be activated and used within minutes.

A

Hot Site

35
Q

This term describes when cloud service offerings are used for DR capabilities.

A

DRaaS, DR as a Service

36
Q

True or False. Incident response should only involve the information technology department.

A

False

37
Q

True or False. BCDR is a technical capability and so senior leadership involvement is not required.

A

False

38
Q

True or False. BCDR plans should not be tested as doing so may break production systems.

A

False

39
Q

Which type of simulation test includes a meeting to review the plans and analyze their effectiveness against various BCDR scenarios?

A

Walk-through

40
Q

Which type of simulation test is used to determine whether all parties involved in the response know what to do and how to work together to complete the exercise?

A

Tabletop Exercise

41
Q

When performing this type of test, issues and/or mistakes could cause a true DR situation:

A

Full Interruption

42
Q

What are the two main components of a VPN?

A

Creating a tunnel and protecting data via encryption

43
Q

Identify some ways a VPN might help an adversary avoid detection.

A

Answers will vary but should include a description of hiding data/activities and geographic location.

44
Q

Describe a solution designed to validate the health of an endpoint prior to allowing access.

A

Network Access Control (NAC)

45
Q

This is a passive technology used to provide visibility into network traffic within a switch.

A

Test Access Port or TAP

46
Q

What version of SNMP should be used whenever possible?

A

Version 3

47
Q

Which type of environment is characterized by having hosts and networks available for use by visitors, such as the public or vendors?

A

Guest

48
Q

This describes a specially configured, highly hardened, and closely monitored system used to perform administrative tasks.

A

Jump Box

49
Q

This type of network segmentation differs from a traditional network segmentation approach as it provides much higher levels of security, granularity, and flexibility.

A

Microsegmentation

50
Q

What type of architecture adopts the approach of “never trust, always verify”?

A

Zero Trust Architecture

51
Q

This implementation creates a software-defined network by utilizing existing physical network equipment.

A

SDN Overlay

52
Q

This describes improving performance by adding additional resources to an individual system, such as adding processors, memory, and storage to an existing server.

A

Scaling vertically

53
Q

A ______________________________________ leverages the global footprint of cloud platforms by distributing and replicating the components of a service to improve performance to all the key service areas needing access to the content.

A

Content Delivery Network (CDN)

54
Q

What design strategy often conflicts with information technology management approaches that look to consolidate platforms and reduce product portfolios?

A

Heterogeneity/Diversity

55
Q

Which type of virtualization allows the client to either access an application hosted on a server or stream the application from the server to the client for local processing?

A

Application Virtualization

56
Q

This non-profit organization provides guidance and best practices on the development and protection of web applications.

A

OWASP

57
Q

What are some of the functions that can be performed via a Container API?

A

Some examples include list logs generated by an instance; issue commands to the running container; create, update, and delete containers; and list capabilities.

58
Q

What environment is used to merge code from multiple developers to a single master copy and subject it to unit and functional tests?

A

Test or Integration Environment

59
Q

Which type of application testing is frequently performed using scanning tools such as OWASP’s Zed Attack Proxy (ZAP)?

A

Dynamic Application Security Testing (DAST)

60
Q

This describes middleware software designed to enable integration and communication between a wide variety of applications throughout an enterprise.

A

Enterprise Service Bus (ESB)

61
Q

True or False. Traditional software development models incorporate security requirements throughout all phases.

A

False

62
Q

Which type of software testing ensures that a particular block of code performs the exact action intended and provides the exact output expected?

A

Unit Testing

63
Q

Which type of testing verifies that individual components of a system are tested together to ensure that they interact as expected?

A

Integration Testing

64
Q

What development model includes phases that cascade with each phase starting only when all tasks identified in the previous phase are complete?

A

Waterfall

65
Q

What development model incorporates Security as Code (SaC) and Infrastructure as Code (IaC)?

A

SecDevOps

66
Q

Storing passwords using this method should be disabled as it provides marginal improvements in protection compared to simply storing passwords in plaintext.

A

Reversible Encryption

67
Q

What is the term used to describe when credentials created and stored at an external provider are trusted for identification and authentication?

A

Federation

68
Q

Which access control model is a modern, fine-grained type of access control that uses a type of markup language called XACML?

A

Attribute-Based Access Control (ABAC)

69
Q

What authentication protocol is comparable to RADIUS and associated with Cisco devices?

A

TACACS+

70
Q

What authentication scheme uses an HMAC built from a shared secret plus a value derived from a device and server’s local timestamps?

A

Time-Based One Time Password (TOTP)

71
Q

In which stage of the data life cycle is data shared using various mechanisms, such as email, network folders, websites, or cloud storage?

A

Use

72
Q

Describe some of the critical elements included in data management.

A

Answers will vary but should include descriptions of data inventory, data mapping, backups, quality assurance, and integrity controls.

73
Q

Identify some practical DLP example use-cases.

A

Blocking use of external media, print blocking, Remote Desktop Protocol (RDP) blocking, clipboard privacy controls, restricted virtual desktop infrastructure (VDI) implementation, data classification blocking.

74
Q

What is the name of the data obfuscation method that replaces sensitive data with an irreversible value?

A

Tokenization

75
Q

What data obfuscation method is designed to protect personally identifiable information so that data can be shared?

A

Anonymization

76
Q

Which type of virtualization platform supports microservices and server-less architecture?

A

Containerization

77
Q

_____________________________ is assigned to cloud resources through the use of tags and is frequently exploited to expose configuration parameters which may reveal misconfigured settings.

A

Metadata

78
Q

Which type of cloud service model can be described as virtual machines and software running on a shared platform to save costs and provide the highest level of flexibility?

A

Multi-tenant

79
Q

After powering up a virtual machine following maintenance, the virtual machine is no longer accessible by applications previously configured to connect to it. What is a possible cause of this issue?

A

The IP address was reassigned to another instance.

80
Q

Which type of storage model supports large amounts of unstructured data and is commonly used to store archives and backup sets?

A

Blob Storage

81
Q

Which technology uses a ledger distributed across a peer-to-peer (P2P) network?

A

Blockchain

82
Q

___________________ reality emulates a real-life environment through computer-generated sights and sounds.

A

Augmented/Virtual

83
Q

This term describes computer-generated images or video of a person that appear to be real but are instead completely synthetic and artificially generated.

A

Deep Fake

84
Q

______________ computers use information represented by spin properties, momentum, or even location of matter as opposed to the bits of a traditional computer.

A

Quantum

85
Q

Which technology allows the crafting of components on-demand, and potentially eliminates the need to share designs or plans that may lead to intellectual property theft?

A

3D printing

86
Q

Identify two types of certificates commonly used to implement access controls for mobile devices.

A

Trust (device) and user certificates

87
Q

Which standard is associated with the Simultaneous Authentication of Equals (SAE)?

A

WPA3 (Wi-Fi 6)

88
Q

Which type of device attack allows complete control of a device without the target device being paired with the attacker?

A

BlueBorne

89
Q

Identify some reasons why DoH poses a security threat in an enterprise setting.

A

Answers may vary. DoH, if approved, must be configured to use a trusted provider. DoH encapsulates DNS traffic within HTTPS traffic, making it harder to identify. DoH can bypass external DNS query restrictions configured on firewalls.

90
Q

Identify how Bluetooth can be used for physical reconnaissance.

A

Answers may vary. Bluetooth devices are discoverable using freely available tools, meaning an attacker can locate out-of-sight devices and also collect information about the hardware and vendor.

91
Q

Identify some reasons why EOL software and hardware are concerning.

A

Responses will vary but should include a description regarding the lack of vendor support and vendor-supplied security patches.

92
Q

True or False. Operating System instances running in the cloud are patched automatically by the cloud provider.

A

False

93
Q

Which types of attacks on the Android OS can bypass the protections of mandatory access control?

A

Inter-app communication attacks

94
Q

Which control is designed to prevent a computer from being hijacked by a malicious OS?

A

Answers may vary but secure boot, measured boot, or attestation services all apply.

95
Q

Which type of host protection should provide capabilities that directly align to the NIST Cybersecurity Framework Core?

A

Endpoint Protection and Response

96
Q

True or False. Operating in a public cloud removes the need for BCDR plans due to the fact that cloud platforms are so reliable.

A

False

97
Q

What name is given to the practice of splitting encrypted data outputs into multiple parts which are subsequently stored in disparate storage locations?

A

Bit Splitting or Cryptographic Splitting

98
Q

Which cloud computing practice eliminates the use of traditional virtual machines to deliver cloud services?

A

Serverless Computing

99
Q

What is a critical component dictating the implementation of logging capabilities in the cloud?

A

Legal and regulatory compliance

100
Q

What is the primary source of data breach in the cloud?

A

Misconfiguration

101
Q

Which component integrates practically all the components of a traditional chipset including GPU?

A

System on a Chip, or SoC

102
Q

Which type of industrial computer is typically used to enable automation in assembly lines and is programmed using ladder language?

A

Programmable Logic Controller, or PLC

103
Q

Which type of availability attack are industrial computers most sensitive to?

A

Denial of Service, or DoS

104
Q

An ________ ________ describes the method by which ICS are isolated from other networked systems.

A

Air Gap

105
Q

What makes attacks against ICS uniquely concerning?

A

Answers will vary, but essentially because ICS control systems that interact with the real world and can cause humanitarian and/or environmental disasters when breached or attacked.

106
Q

What is the name of the algorithm used by SHA-3?

A

Keccak

107
Q

Which MAC method is commonly paired with Salsa20 on hardware that does not have integrated AES support?

A

Poly1305

108
Q

Describe the key distribution problem.

A

Answers will vary. Should identify that it is associated with symmetric encryption and that sharing the key between two parties can be risky if not performed carefully.

109
Q

Is Salsa20 a stream or block cipher?

A

Stream

110
Q

How are modes of operation related to symmetric encryption?

A

Answers will vary. Modes of operation are like “techniques” used to make symmetric block ciphers operate in a way that is comparable to stream ciphers.

111
Q

What symmetric encryption problem is asymmetric encryption uniquely equipped to solve?

A

Key distribution

112
Q

What is the bulk encryption method used in the following cipher suite? ECDHE-RSA-AES128-GCM-SHA256

A

AES

113
Q

What encryption scheme is generally associated with protecting email?

A

Secure/Multipurpose Internet Mail Extensions (S/MIME)

114
Q

What issue related to the use of authentication header (AH) makes it difficult/problematic to implement?

A

It does not work across NAT gateways.

115
Q

Which implementation of Elliptic Curve Cryptography (ECC) is no longer recommended for use by the NSA?

A

P256

116
Q

True or False. Private keys are contained within digital certificates.

A

False. Public keys are contained within digital certificates.

117
Q

Which of the following would be best suited to protecting data stored on a removable disk: IPSec, TLS or AES?

A

AES is a symmetric block cipher and best suited to this. IPSec and TLS are associated with transport encryption.

118
Q

Which device used to provide strong authentication stores a user’s digital certificate, private key associated with the certificate, and a personal identification number (PIN)?

A

Smart card

119
Q

How do device certificates help security operations?

A

Answers will vary. A description of using device certificates to identify authorized endpoints is appropriate.

120
Q

What is the purpose of a bridge CA?

A

Answers will vary. A bridge CA allows the interoperability and shared trust between multiple, otherwise independent, PKIs. Bridge CAs enable cross-certification.

121
Q

_________________ ___________________ is the entity responsible for issuing and guaranteeing certificates.

A

Certificate Authority

122
Q

True or False. A website protected with a valid digital certificate is guaranteed to be safe.

A

False. The digital certificate provides assurance that the site is genuine, but it could still be rogue in nature.

123
Q

What is another term to describe the requirement for both client and server devices to use certificates to verify identity?

A

Mutual authentication

124
Q

What is the name of the response header configured on a web server to notify a browser to connect to the requested website using HTTPS only?

A

HTTP Strict Transport Security (HSTS)

125
Q

The error message “your connection is not private” is displayed when accessing a known website. What is a possible cause of this error?

A

The website is configured to use a weak signing algorithm.

126
Q

Which threat assessment approach is described as emulating known TTPs to mimic the actions of a threat in a realistic way, without emulating a specific threat actor?

A

Threat emulation

127
Q

Which defensive approach describes a team of specialists working with the viewpoint of “assume breach”?

A

Threat Hunting

128
Q

Which threat actor group includes adversaries such as Anonymous, WikiLeaks, or LulzSec?

A

Hacktivists

129
Q

Developed by Lockheed Martin, this describes the steps/actions an adversary must complete in order to achieve their goals.

A

Cyber Kill Chain

130
Q

True or False. CPE is a list of records where each item contains a unique identifier used to describe publicly known vulnerabilities.

A

False. The description is for CVE. CPE uses a syntax similar to Uniform Resource Identifiers (URI); it is a standardized naming format used to identify systems and software.

131
Q

What vulnerability assessment analysis approach requires the evaluation of a system or software while it is running?

A

Dynamic assessment

132
Q

What testing method uses specialty software tools designed to identify problems and issues with an application by purposely inputting/injecting malformed data to it?

A

Fuzzing or fuzz testing

133
Q

This describes the actions of an attacker using one exploited system to access another within the same organization.

A

Pivoting

134
Q

What document describes the manner in which a pentest may be performed?

A

Rules of Engagement (RoE)

135
Q

Which category of tool describes the Metasploit tool?

A

An exploit framework

136
Q

Honeytoken and canary files are types of _______________ files.

A

Decoy

137
Q

Which type of deceptive technology is generally less complicated to deploy than other deceptive technologies but can serve a similar purpose?

A

Simulator

138
Q

An ___________________________ system is one that is “unchangeable.”

A

Immutable

139
Q

______________________________ describes the set of configuration changes made to improve the security of an endpoint from what the default configuration provides.

A

Hardening

140
Q

In Linux, ________________ describe self-contained software applications which include all the necessary components and libraries they need to be able to operate on an immutable system.

A

Flatpaks

141
Q

Which type of vulnerability is caused by processes operating under the assumption that a critical parameter or piece of information has not changed?

A

TOCTOU

142
Q

When reviewing the operation of a web application, the following is observed: https://www.foo.com/products/jsessionid=8858PNRX949WM26378/?item=bigscreen-tv. What is problematic with this?

A

The session ID is included in the URL, meaning that anyone with access to the jsessionid information could perform an authentication bypass attack for the identified user.

143
Q

Which approach describes how software can be analyzed for open-source components?

A

Software Composition Analysis

144
Q

True or False. JSON is not dependent upon web technologies.

A

True. JSON is designed to be leveraged by common web technologies.

145
Q

What type of attack is most closely associated with the use of characters such as ' OR 'x' = 'x' -- ?

A

Authentication Bypass, a type of SQL injection attack.

146
Q

True or False. By default, switches provide packet capture utilities full visibility into all traffic flows for connected devices.

A

False. A switch must be configured to mirror traffic or utilize a tap in order to provide full visibility for packet capture. Switches natively isolate traffic.

147
Q

Two alerts are generated by an IDS, one with a priority value of 1 and the other with a priority value of 10. Which should be investigated first?

A

The one with a priority value of 1, which represents a more concerning event type.

148
Q

Which security product is most likely to support the use of YARA rules?

A

Antivirus

149
Q

In what ways does the support of security incidents differ from traditional tickets/requests in IT?

A

Answers will vary. The answer should describe how security incidents must be handled based on severity rather than order received.

150
Q

What is most concerning regarding false negatives?

A

They represent legitimate security incidents that do not generate an alert.

151
Q

What term describes evidence handling from collection through presentation in court?

A

Chain of custody

152
Q

Which utility can be used to extract data from binary files and can display the contents in hexadecimal, decimal, octal, or ASCII formats?

A

hexdump

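An added example, not part of the original flashcards: a small Python reimplementation of the canonical hexdump -C layout (offset, sixteen hex bytes in two groups, printable ASCII column, identical lines squeezed to a single "*"), useful when the tool is not on the box or when the dump has to be produced from inside a script. The input bytes in the test are constructed.

```python
def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes in the hexdump -C style: offset, hex bytes split into two
    groups, and an ASCII column where non-printables are shown as '.'.
    Consecutive identical full lines are replaced by a single '*' line, as the
    real tool does, and the final line carries the total length."""
    half = width // 2
    col = half * 3 - 1                  # width of one hex group, e.g. 23 for 8 bytes
    lines = []
    prev = None
    squeezed = False
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        if chunk == prev and len(chunk) == width:
            if not squeezed:
                lines.append("*")
                squeezed = True
            continue
        squeezed = False
        prev = chunk
        left = " ".join(f"{b:02x}" for b in chunk[:half])
        right = " ".join(f"{b:02x}" for b in chunk[half:])
        hexpart = f"{left:<{col}}  {right:<{col}}"
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{ascii_part}|")
    lines.append(f"{len(data):08x}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(hexdump(b"Hello, world!\x00\xff\x7f"))
```

Reading the output is the skill the card is after: the ASCII column exposes embedded strings and file signatures at a glance, while the hex column is where you spot length fields, padding and non-printable control bytes that a text viewer would hide.
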
153
Q

Which tool can be used to identify interactions between processes and the Linux kernel?

A

strace

154
Q

________________________ is a popular command line utility used to analyze memory dumps.

A

Volatility

155
Q

Which command line utility is designed to display real-time information about system memory, running processes, interrupts, paging, and I/O statistics?

A

vmstat

156
Q

The cyclical process of identifying, assessing, analyzing, and responding to risks.

A

Risk management

157
Q

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.

A

enterprise risk management (ERM)

158
Q

A comprehensive set of standards for enterprise risk management.

A

NIST Risk Management Framework (RMF, SP 800-37) or ISO 31000

159
Q

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

A

Risk

160
Q

In risk calculation, the chance of a threat being realized, expressed as a percentage.

A

Likelihood

161
Q

The severity of the risk if realized by factors such as the scope, value of the asset, or the financial impacts of the event.

A

Impact

162
Q

The amount that would be lost in a single occurrence of a particular risk factor.

A

Single Loss Expectancy (SLE)

163
Q

The total cost of a risk to an organization on an annual basis. This is determined by multiplying the SLE by the annual rate of occurrence (ARO).

A

Annual Loss Expectancy (ALE)

164
Q

In risk calculation, an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.

A

Annual Rate of Occurrence (ARO)

165
Q

The value of an asset, such as a server or even an entire building.

A

Asset Value (AV)

166
Q

In risk calculation, the percentage of an asset’s value that would be lost during a security incident or disaster scenario.

A

Exposure Factor (EF)

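An added worked example, not part of the original flashcards, that chains the quantitative terms from the SLE, ALE, ARO, AV and EF cards into the calculation they exist for: deciding whether a control is worth buying. All figures (asset value, exposure factors, rates and the control's cost) are constructed for the illustration.

```python
def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: the loss from one occurrence of the risk."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x ARO: expected loss per year. ARO may be below 1; an event
    expected once every four years has ARO = 0.25."""
    return sle * aro


def aro_from_likelihood(probability_percent):
    """Likelihood quoted as a percentage per year (e.g. 50%) is an ARO of 0.5."""
    return probability_percent / 100.0


def safeguard_value(ale_before, ale_after, annual_safeguard_cost):
    """Cost/benefit test for a control: positive means the control pays for
    itself; negative suggests accepting or transferring the risk instead."""
    return ale_before - ale_after - annual_safeguard_cost


def worked_example():
    # Constructed figures for an e-commerce database server.
    av = 500_000.0                  # replacement cost plus the revenue it protects
    ef = 0.40                       # 40% of the asset's value lost in a ransomware event
    aro = aro_from_likelihood(50)   # expected once every two years

    sle = single_loss_expectancy(av, ef)            # 200,000
    ale = annualized_loss_expectancy(sle, aro)      # 100,000 per year

    # Proposed control: tested offline backups plus EDR, 30,000 per year.
    # It shrinks the damage of an event (EF 0.40 -> 0.10) and, through earlier
    # detection, its frequency (ARO 0.5 -> 0.25).
    sle_after = single_loss_expectancy(av, 0.10)              # 50,000
    ale_after = annualized_loss_expectancy(sle_after, 0.25)   # 12,500
    value = safeguard_value(ale, ale_after, 30_000.0)         # 57,500

    return {"SLE": sle, "ALE": ale, "SLE_after": sle_after,
            "ALE_after": ale_after, "safeguard_value": value}
```

A control can reduce EF (less damage per event), ARO (fewer events), or both; the example changes both so the reader can see each term move. The residual ALE of 12,500 is the risk left to accept once the control is in place.
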
167
Q

Associated costs of an asset including acquisition costs and costs to maintain and safely operate the asset over its entire lifespan.

A

Total Cost of Ownership (TCO)

168
Q

A metric to calculate whether an asset is worth the cost of deploying and maintaining it.

A

Return on Investment (ROI)

169
Q

Metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

A

Mean Time To Recovery (MTTR)

170
Q

Metric for a device or component that predicts the expected time between failures.

A

Mean Time Between Failures (MTBF)

171
Q

An analysis that measures the difference between current state and desired state in order to help assess the scope of work included in a project.

A

Gap Analysis

172
Q

In risk mitigation, the practice of ceasing activity that presents risk.

A

Risk avoidance

173
Q

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring is needed.

A

Risk acceptance

174
Q

The response of reducing risk to fit within an organization’s risk appetite.

A

Risk mitigation

175
Q

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

A

Risk transference

176
Q

A specific path by which a threat actor gains unauthorized access to a system.

A

attack vectors

177
Q

Risk that remains even after controls are put into place.

A

residual risk

178
Q

A strategic assessment of what level of residual risk is tolerable for an organization.

A

Risk appetite

179
Q

A formal mechanism designed to measure performance of a program against desired goals.

A

Key Performance Indicators (KPI)

180
Q

The method by which emerging risks are identified and analyzed so that changes can be adopted to proactively prevent issues from occurring.

A

Key Risk Indicators (KRI)

181
Q

Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

A

Scalability

182
Q

The fundamental security goal of ensuring that an information processing system is trustworthy.

A

Reliability

183
Q

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

A

Availability

184
Q

Determines the thresholds that separate different levels of risk.

A

Risk tolerance

185
Q

Comparing potential benefits to potential risks and determining a course of action based on adjusting factors that contribute to each area.

A

Tradeoff analysis

186
Q

Security policy concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

A

Separation of duties

187
Q

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person’s duties.

A

Job rotation

188
Q

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

A

Mandatory vacation

189
Q

Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

A

Least privilege

190
Q

A cloud service provider is any third-party organization providing infrastructure, application and/or storage services via an “as a service” subscription-based, cloud-centric offering.

A

Cloud Service Provider (CSP)

191
Q

Identifies that responsibility for implementing security as applications, data and workloads are transitioned into a cloud platform is shared between the customer and the cloud service provider (CSP); which party owns which layer depends on the service model.

A

Shared responsibility model

192
Q

Cloud service model that provisions fully developed application services to users.

A

Software as a Service (SaaS)

193
Q

Cloud service model that provisions application and database services as a platform for development of apps.

A

Platform as a Service (PaaS)

194
Q

Cloud service model that provisions virtual machines and network infrastructure.

A

Infrastructure as a Service (IaaS)

195
Q

A customer is dependent on a vendor for products or services because switching is either impossible or would result in substantial complexity and costs.

A

Vendor Lock-in

196
Q

A vendor’s product is developed in a way that makes it not interoperable with other products: integrating it with other vendors’ products is either infeasible or impossible.

A

Vendor Lockout

197
Q

A vendor that has a viable and in-demand product and the financial means to remain in business on an ongoing basis.

A

Vendor Viability

198
Q

A copy of vendor-developed source code provided to a trusted third party in the event the vendor ceases business.

A

Source Code Escrow

199
Q

Verifying the type and level of support to be provided by the vendor in support of their product or service.

A

Support Availability

200
Q

Formally defining what functionality is required of a product or service, and taking steps to verify that a vendor’s service or product provides at least this level of functionality.

A

Meeting Client Requirements

201
Q

The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.

A

supply chain

202
Q

The capacity to understand how all vendor hardware, software, and services are produced and delivered as well as how they impact an organization’s operations or finished products.

A

Supply Chain Visibility (SCV)

203
Q

Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

A

Cloud Security Alliance (CSA)

204
Q

A framework of security best practices for Cloud service providers that is developed and maintained by the Cloud Security Alliance (CSA).

A

Security, Trust, Assurance and Risk (STAR)

205
Q

Use of standards established by the American Institute of Certified Public Accountants (AICPA) to evaluate the policies, processes, and procedures in place and designed to protect technology and financial operations.

A

System and Organization Controls (SOC)

206
Q

Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27K series) and risk management (31K series).

A

International Organization for Standardization (ISO)

207
Q

A set of cybersecurity standards developed by the United States Department of Defense (DoD) and designed to help fortify the DoD supply chain by requiring suppliers to demonstrate that they have mature cybersecurity capabilities.

A

Cybersecurity Maturity Model Certification (CMMC)

208
Q

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

A

virtual local area networks (VLAN)

209
Q

Data that can be used to identify an individual and includes information about past, present, or future health, as well as related payments and data used in the operation of a healthcare business.

A

Protected Health Information (PHI)

210
Q

Personal information about a consumer provided to a financial institution that can include account number, credit/debit card number, name, social security number and other information.

A

Personally Identifiable Financial Information (PIFI)

211
Q

Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.

A

Intellectual property (IP)

212
Q

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

A

data owner

213
Q

The process of applying confidentiality and privacy labels to information.

A

Data classification

214
Q

The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.

A

Data retention

215
Q

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

A

Data sovereignty

216
Q

An individual that is identified by privacy data.

A

data subject

217
Q

A set of policies, contracts and standards identified as essential in the agreement between two parties.

A

attestation of compliance (AOC)

218
Q

A process executed in four distinct phases: initiation and planning, certification, accreditation, and continuous monitoring.

A

Certification and accreditation (C&A)

219
Q

Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.

A

Information System Security Officer(ISSO)

220
Q

The entity responsible for reviewing the results of a certification and accreditation package, including audits reports, and making the final decision regarding accreditation status.

A

Certifying Authority

221
Q

A formal letter of accreditation provided to the system owner granting them permission to operate a system.

A

Authority to Operate(ATO)

222
Q

A set of standards developed by a group of governments working together to create a baseline of security assurance for a trusted operating system (TOS).

A

Common Criteria (CC)

223
Q

Organizational security policies are (to some extent) driven by legislation introduced as a response to the growing appreciation of the threat posed by computer crime. Legislation can cover many aspects of security policy but the key concepts are due diligence (demonstrating awareness of security issues) and due care (demonstrating responses to identified threats). Security policy is also driven by adherence to industry codes of practice and standards.

224
Q

A legal principle that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system.

A

due diligence

225
Q

A process designed to preserve all relevant information when litigation is reasonably expected to occur.

A

legal hold

226
Q

Procedures and tools to collect, preserve, and analyze digital evidence.

A

e-Discovery

227
Q

Predetermined alternate location where a network can be rebuilt after a disaster.

A

cold site

228
Q

Alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

A

warm site

229
Q

Fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.

A

hot site

230
Q

An analysis of events that can provide insight into how to improve response processes in the future.

A

after action report (AAR)

231
Q

Software or hardware device that protects a system or network by blocking unwanted network traffic.

A

firewall

232
Q

An intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types.

A

router

233
Q

Type of switch, router, or software that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

A

load balancer

234
Q

A private network segment made available to a single cloud consumer on a public cloud.

A

Virtual Private Cloud (VPC)

235
Q

A public IPv4 address that can be assigned to any instance or network interface in a VPC within an AWS account.

A

elastic IP address

236
Q

Using persuasion, manipulation, or intimidation to make the victim violate a security policy. The goal of social engineering might be to gain access to an account, gain access to physical premises, or gather information.

A

social engineering

237
Q

A preconfigured, self-contained virtual machine image ready to be deployed and run on a hypervisor.

A

virtual appliance

238
Q

A special type of DNS record used to identify the email servers used by a domain.

A

MX records

239
Q

Attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.

A

Distributed Denial of Service

240
Q

An approach that prevents an attack from consuming all available bandwidth and impacting other servers and services on the network, by capping the throughput available to the server or service being attacked.

A

Rate Limiting

241
Q

A firewall designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks.

A

Web Application Firewall (WAF)

242
Q

Routes all traffic destined for an endpoint to a null interface, dropping both legitimate and malicious traffic; it sacrifices the target’s availability to protect the rest of the network.

A

Blackhole Routing

244
Q

Reflects the methods used to reduce the impact of a distributed denial of service (DDoS) attack. DDoS mitigation can be implemented through the use of special software or by deploying a virtual appliance designed to provide DDoS protection.

A

DDoS Mitigation Software/Appliance

245
Q

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

A

unified threat management (UTM)

246
Q

A security measure performed on email and internet traffic to identify suspicious, malicious and/or inappropriate content in accordance with an organization’s policies.

A

Content Filtering

247
Q

A protocol specifying Internet mail message formats and attachments.

A

Multipurpose Internet Mail Extensions (MIME)

248
Q

Software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

A

Data Loss Prevention (DLP)

249
Q

Junk messages sent over email (or instant messaging, which is called spim). It can also be utilized within social networking sites.

A

spam

250
Q

Identifies known bad senders. Security companies typically provide this as a service to organizations to reduce SPAM messages.

A

SPAM Block Lists (SBL)

251
Q

Inspecting traffic to locate and block viruses.

252
Q

A feature of many proxy servers that enables the servers to retain a copy of frequently requested web pages.

A

caching engines

253
Q

A server that redirects requests and responses for clients configured with the proxy address and port.

A

non-transparent proxy

254
Q

A server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.

A

transparent proxy

255
Q

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

A

SQL injection

256
Q

A malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

A

cross-site scripting (XSS)

257
Q

A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.

A

cross-site request forgery (XSRF)

258
Q

A web application vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor.

A

file inclusion

259
Q

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

A

directory traversal

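An added example, not part of the original flashcards, covering the file inclusion and directory traversal cards together: a document-root check that resolves a user-supplied path the way a web server would and refuses anything that escapes the root, including the encoded, absolute, NUL-terminated and symlink variants attackers try. It is Python on a POSIX system; the document root, the page and the planted symlink are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def safe_resolve(base_dir, requested):
    """Map a user-supplied path onto a file inside base_dir.
    Returns the absolute path, or None if the request would escape the root."""
    base = os.path.realpath(base_dir)
    # Decode percent-encoding exactly once, as the web server already did;
    # decoding a second time is the classic mistake that lets %252e%252e through.
    decoded = unquote(requested)
    if "\x00" in decoded:              # NUL truncates C strings in many file APIs
        return None
    # Treat absolute and drive-style paths as relative to the document root.
    relative = decoded.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, relative))
    # realpath() collapses '..' and follows symlinks, so a link inside the root
    # that points outside is caught. commonpath() avoids the startswith() bug
    # where /srv/www would also accept /srv/www2/...
    try:
        return candidate if os.path.commonpath([base, candidate]) == base else None
    except ValueError:                 # paths on different drives (Windows)
        return None


def demo():
    """Constructed document root with one page and one symlink that escapes it."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hi</h1>")
    os.symlink("/", os.path.join(root, "escape"))   # planted or leftover link

    requests = [
        "index.html",                  # plain request
        "img/../index.html",           # '..' that stays inside the root
        "../../etc/passwd",            # classic traversal
        "%2e%2e/%2e%2e/etc/passwd",    # URL-encoded traversal
        "/etc/passwd",                 # absolute path
        "escape/etc/passwd",           # symlink out of the root
        "index.html%00.png",           # NUL byte to defeat an extension check
    ]
    return {r: safe_resolve(root, r) is not None for r in requests}
```

The decision is made on the fully resolved path, never on the string the client sent: blocklisting "../" substrings misses encodings and symlinks, while resolving and then comparing against the root catches all of them with one rule.
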
260
Q

An open source Web Application Firewall (WAF) for Apache, nginx, and IIS.

A

ModSecurity

261
Q

A service, usually cloud-hosted, that sits in front of backend APIs and centralizes their cross-cutting functions, such as authentication, rate limiting, logging and routing.

A

API gateway

262
Q

A system for structuring documents so that they are human- and machine-readable. Information within the document is placed within tags, which describe how information within the document is structured.

A

eXtensible Markup Language (XML)

263
Q

Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker’s choosing.

A

DNS Poisoning

264
Q

Amount of time that the record returned by a DNS query should be cached before discarding it.

A

time to live (TTL)

265
Q

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

A

Domain Name System Security Extensions (DNSSEC)

266
Q

All resource records in a zone that share the same owner name, class and type; DNSSEC signs RRsets, not individual records.

A

Resource Record Set (RRset)

267
Q

Used to sign the RRset of a zone in order for it to be verified as trustworthy by receiving systems.

A

Zone Signing Key

268
Q

Used to sign the zone’s DNSKEY RRset, which contains the public Zone Signing Key (and the KSK itself); a hash of the KSK is published in the parent zone as a DS record, which is how the chain of trust is built.

A

Key Signing Key

269
Q

Secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

A

Virtual Private Network (VPN)

270
Q

General term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

A

Network Access Control (NAC)

271
Q

Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network.

A

Network intrusion detection system (NIDS)

272
Q

A server running intrusion detection software that analyzes network traffic for signs of suspicious activity.

A

NIDS Server

273
Q

A device that captures network traffic within a specific segment of a network and forwards it to the NIDS Server for analysis.

A

NIDS Sensors

274
Q

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch.

A

switched port analyzer (SPAN)

275
Q

Hardware device inserted into a cable to copy frames for analysis.

A

test access port (TAP)

276
Q

A type of NIDS that scans the radio frequency spectrum for possible threats to the wireless network, primarily rogue access points.

A

wireless intrusion detection system (WIDS)

277
Q

Wireless access point that has been enabled on the network without authorization.

A

rogue access points

278
Q

Wireless access point that deceives users into believing that it is a legitimate network access point.

A

evil twins

279
Q

Type of wireless network where connected devices communicate directly with each other instead of over an established medium.

A

Ad hoc networks

280
Q

Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic.

A

on-path attack (man-in-the-middle, MitM)

281
Q

An inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.

A

network intrusion prevention system (NIPS)

282
Q

An active, inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it.

A

wireless intrusion prevention system

283
Q

A type of software that reviews system files to ensure that they have not been tampered with.

A

File Integrity Monitoring (FIM)

284
Q

Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

A

Simple Network Management Protocol (SNMP)

285
Q

Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

A

NetFlow

286
Q

Web standard for using sampling to record network traffic statistics.

A

sFlow

287
Q

An isolated location within a cloud provider region, made up of one or more data centers with independent power, cooling and networking.

A

availability zones

288
Q

Distributing and replicating the components of any service (such as web apps, media and storage) across all the key service areas needing access to the content.

A

Content Delivery Network (CDN)

289
Q

Caching is a technique used for maintaining consistent performance during file access and data processing. It generally works where components are mismatched in terms of the speed at which they can operate. Caching allows a slow component to store data it cannot process at that moment (a disk drive storing up write instructions for instance) or a fast component to pre-fetch data that it might need soon (a CPU storing instructions from system memory for reuse for example).

290
Q

The process of creating a simulation of a computing environment, where the virtualized system can simulate the hardware, operating system, and applications of a typical computer without being a separate physical computer.

A

Virtualization

291
Q

A guest operating system installed on a host computer using virtualization software (a hypervisor), such as Microsoft Hyper-V or VMware.

A

virtual machines (VM)

292
Q

In software development, a user acceptance testing environment that is a copy of the production environment.

A

staging environment

293
Q

Policies, procedures, and tools designed to ensure defect-free development and delivery.

A

Quality Assurance (QA)

294
Q

An IT environment available to consumer for normal, day-to-day use.

A

Production

295
Q

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited.

A

Sandboxing

296
Q

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

A

Directory services

297
Q

Service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the Internet.

A

Domain Name System (DNS)

298
Q

A software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.

A

Service-oriented architecture (SOA)

299
Q

A common component of SOA architecture that facilitates decoupled service-to-service communication.

A

enterprise service bus (ESB)

300
Q

The processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.

A

software development life cycle (SDLC)

301
Q

The process of testing an application after changes are made to see if these changes have triggered problems in older areas of code.

A

regression test

302
Q

The developer writes a simple “pass/no pass” test for code. This ensures that a particular block of code performs the exact action intended, and provides the exact output expected.

A

unit test

303
Q

Individual components of a system are tested together to ensure that they interact as expected.

A

integration test

304
Q

A software development model where the phases of the SDLC cascade so that each phase will start only when all tasks identified in the previous phase are complete.

A

waterfall model

305
Q

A software development method that combines several approaches, such as incremental and waterfall, into a single hybrid method that is modified repeatedly in response to stakeholder feedback and input.

A

spiral method

306
Q

A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.

A

Agile model

307
Q

The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes.

A

version control

308
Q

Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

A

Continuous Integration (CI)

309
Q

A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.

A

security orchestration automation and response (SOAR)

310
Q

A charity and community publishing a number of secure application development resources.

A

Open Web Application Security Project (OWASP)

311
Q

A set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.

A

account policies

312
Q

Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

A

Privileged Access Management (PAM)

313
Q

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

A

Federation

314
Q

An identity federation method that enables users to be authenticated on cooperating websites by a third-party authentication service.

A

OpenID

315
Q

An XML-based data format used to exchange authentication and authorization assertions between an identity provider and a service provider (the relying party).

A

Security Assertion Markup Language (SAML)

316
Q

An XML-based web services protocol that is used to exchange messages.

A

Simple Object Access Protocol (SOAP)

317
Q

An identity federation method that provides single sign-on capabilities and enables websites to make informed authorization decisions for access to protected online resources.

A

Shibboleth

318
Q

In PKI, a description of how users and different CAs exchange information and certificates.

A

trust model

319
Q

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).

A

Discretionary Access Control (DAC)

320
Q

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

A

Mandatory Access Control (MAC)

321
Q

Access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

A

Role-Based Access Control (RBAC)

322
Q

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

A

Attribute-Based Access Control (ABAC)

323
Q

A non-discretionary access control technique based on a set of operational rules or restrictions (time of day, source network, and so on) used to enforce a least-privilege permissions policy.

A

Rule-Based Access Control

324
Q

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

A

single sign-on (SSO)

325
Q

AAA protocol used to manage remote and wireless authentication infrastructures.

A

Remote Authentication Dial-In User Service (RADIUS)

326
Q

AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

A

Terminal Access Controller Access Control System Plus (TACACS+)

327
Q

Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

A

Lightweight Directory Access Protocol (LDAP)

328
Q

A method of implementing LDAP using SSL/TLS encryption.

A

Secure LDAP (LDAPS)

329
Q

Single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

330
Q

Component of Kerberos that authenticates users and issues tickets (tokens).

A

Key Distribution Center (KDC)

331
Q

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

A

Open Authorization (OAuth)

332
Q

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials.

A

Extensible Authentication Protocol (EAP)

333
Q

Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.

A

IEEE 802.1X

334
Q

In EAP architecture, the device requesting access to the network.

A

Supplicant

335
Q

A PNAC switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.

A

authenticators

336
Q

Authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

A

multifactor authentication (MFA)

337
Q

A common form of multi-factor authentication (MFA) that uses two authentication factors, such as something you know and something you have, also known as 2-step authentication.

A

Two-Factor Authentication (2FA)

338
Q

Use of a communication channel that is different than the one currently being used.

A

out-of-band mechanisms

339
Q

Use of a communication channel that is the same as the one currently being used.

A

In-band authentication

340
Q

A server that is not integrated into a Microsoft Active Directory Domain.

A

standalone server

341
Q

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

A

HMAC-Based One-Time Password (HOTP)

342
Q

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

A

Time-Based One-Time Password (TOTP)

343
Q

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

A

hardware root of trust (RoT)

344
Q

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

A

trusted platform module (TPM)

345
Q

A standardized, stateless architectural style used by web applications for communication and integration.

A

representational state transfer (REST)

346
Q

A compact and self-contained method for securely transmitting messages.

A

JSON Web Token

347
Q

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

A

Message Authentication Code (MAC)

348
Q

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.

349
Q

An operating system virtualization deployment containing everything required to run a service, application, or microservice.

A

containers

350
Q

Features and capabilities of a server without needing to perform server administration tasks. Serverless computing offloads infrastructure management to the cloud service provider - for example, configuring file storage capability without the requirement of first building and deploying a file server.

A

serverless computing

351
Q

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

A

microservices

352
Q

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

A

cloud deployment model

353
Q

A cloud that is deployed for shared use by multiple independent tenants.

A

Public cloud (or multi-tenant)

354
Q

A cloud service provider is any third-party organization providing infrastructure, application and/or storage services via an “as a service” subscription-based, cloud-centric offering.

A

cloud service providers (CSPs)

355
Q

A cloud deployment model where the cloud consumer uses multiple public cloud services.

A

Multi-cloud

356
Q

A cloud that is deployed for use by a single entity.

A

Private cloud

357
Q

A method of computing that involves real-time communication over large distributed networks to provide the resources, software, data, and media needs of a user, business, or organization.

A

cloud computing

358
Q

A cloud that is deployed for shared use by cooperating tenants.

A

Community cloud

359
Q

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

A

Blockchain

360
Q

A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions.

A

Machine learning (ML)

361
Q

Using AI to identify vulnerabilities and attack vectors to circumvent security systems.

A

adversarial AI

362
Q

A refinement of machine learning that enables a machine to develop strategies for solving a task given a labeled dataset and without further explicit instructions.

A

deep learning

363
Q

The use of artificial intelligence and machine learning to generate a highly-realistic video of a person. A fake video rendered using deep learning.

A

deep fakes

364
Q

A form of authentication that does not require the use of knowledge based information, such as a password, in order to prove identity.

A

passwordless authentication

365
Q

Method that allows computation of certain fields in a dataset without decrypting it.

A

Homomorphic encryption

366
Q

Calculations performed by more than one system whereby the function used to perform the calculations is only known by a single party.

A

Secure Multi-Party Computation (MPC/SMPC)

367
Q

A firmware update delivered on a cellular data connection.

A

over the air (OTA)

368
Q

Software that allows deletion of data and settings on a mobile device to be initiated from a remote server.

A

Remote wipe

369
Q

A toggle found on mobile devices enabling the user to disable and enable wireless functionality quickly.

A

airplane mode

370
Q

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

A

Simultaneous Authentication of Equals (SAE)

371
Q

A high-performance mode of operation for symmetric encryption. Provides a special characteristic called authenticated encryption with associated data, or AEAD.

A

AES Galois Counter Mode Protocol (GCMP)

372
Q

A standard for peer-to-peer (2-way) radio communications over very short (around 4”) distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

A

Near Field Communication (NFC)

373
Q

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).

375
Q

Security control that can enforce a virtual boundary based on real-world geography.

A

Geofencing

376
Q

Adding geographical information to files, such as latitude and longitude coordinates as well as date and time.

A

Geotagging

377
Q

Methods of provisioning mobile devices to users, such as BYOD and CYOD.

A

deployment model

378
Q

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

A

Bring your own device (BYOD)

379
Q

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

A

Corporate owned, business only (COBO)

380
Q

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

A

Corporate owned, personally enabled (COPE)

381
Q

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

A

Choose your own device (CYOD)

382
Q

Installing an app to a mobile device without using an app store.

A

sideloading

383
Q

A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

A

Containerization

384
Q

Process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

385
Q

The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

A

Execution control

386
Q

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

387
Q

A firmware interface that initializes hardware for an operating system boot.

A

Basic Input/Output System (BIOS)

388
Q

A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security.

A

Unified Extensible Firmware Interface (UEFI)

389
Q

A UEFI feature that prevents unwanted processes from executing during the boot operation.

A

Secure boot

390
Q

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

A

measured boot

391
Q

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

A

hardware security module (HSM)

392
Q

A software application running on a single host and designed to protect only that host.

A

Host-based firewall

393
Q

A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.

A

Host-based intrusion detection systems (HIDS)

394
Q

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

A

endpoint detection and response (EDR)

395
Q

Storing data across different storage locations (such as multiple data centers) to improve durability and availability.

A

Data dispersion

396
Q

Splitting encrypted data into parts which are then stored in different storage locations and further encrypted at the storage location.

A

bit splitting

397
Q

Splitting encrypted data into parts which are then stored in different storage locations and further encrypted at the storage location.

A

cryptographic splitting

398
Q

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

A

serverless

399
Q

Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

A

Infrastructure as Code (IaC)

400
Q

Enterprise management software designed to mediate access to cloud services by users across all types of devices.

A

cloud access security broker (CASB)

401
Q

Devices that can report state and configuration data and be remotely managed over IP networks.

A

Internet of Things (IoT)

402
Q

Type of processor designed to perform a specific function, such as switching.

A

application-specific integrated circuits (ASICs)

403
Q

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.

A

field programmable gate array (FPGA)

404
Q

Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

A

Industrial control systems (ICSs)

405
Q

Input and output controls on a PLC to allow a user to configure and monitor the system.

A

human-machine interfaces (HMIs)

406
Q

Software that aggregates and catalogs data from multiple sources within an industrial control system.

A

data historian

407
Q

Type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.

A

supervisory control and data acquisition (SCADA)

408
Q

Control systems that maintain an optimum heating, cooling, and humidity level working environment for different parts of the building.

A

HVAC (Heating, Ventilation, Air Conditioning)

409
Q

A serial network designed to allow communications between embedded programmable logic controllers.

A

CAN bus (controller area network)

410
Q

Communications network designed to implement an industrial control system rather than data networking.

A

operational technology (OT)

411
Q

A communications protocol used in operational technology networks.

412
Q

A specialized communication protocol used by industrial control systems to achieve automation.

A

Common Industrial Protocol (CIP)

413
Q

Associated with industrial controls used in water and electric utilities, DNP3 allows ICS components to communicate with each other.

A

Distributed Network Protocol (DNP3)

414
Q

Function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.

415
Q

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

A

collisions

416
Q

A cryptographic hash function producing a 128-bit output.

A

Message Digest Algorithm (MD5)

417
Q

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

A

Secure Hash Algorithm (SHA)

418
Q

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

A

hash-based message authentication code (HMAC)

419
Q

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

A

stream cipher

420
Q

A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.

A

initialization vector (IV)

421
Q

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

A

block cipher

422
Q

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

A

private keys

423
Q

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

A

public key

424
Q

A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

A

digital signature

425
Q

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

A

Secure/Multipurpose Internet Mail Extensions (S/MIME)

426
Q

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

A

application programming interface (API)

427
Q

An EAP method that requires server-side and client-side certificates for authentication using SSL/TLS.

A

EAP Transport Layer Security (EAP-TLS)

428
Q

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

A

Protected Extensible Authentication Protocol (PEAP)

429
Q

An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.

A

EAP Tunneled Transport Layer Security (EAP-TTLS)

430
Q

An EAP method that is expected to address the shortcomings of LEAP.

A

EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)

431
Q

Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.

A

Internet Protocol Security (IPSec)

432
Q

IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

A

Authentication Header (AH)

433
Q

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

A

Encapsulating Security Payload (ESP)

434
Q

A cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.

A

Elliptic curve cryptography (ECC)

435
Q

A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute-force attacks.

A

Key stretching

436
Q

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

A

Public key infrastructure (PKI)

437
Q

Information that is primarily stored on specific media, rather than moving from one medium to another.

A

Data at rest

438
Q

Information that is being transmitted between two hosts, such as over a private network or the Internet.

A

Data in transit

439
Q

The use of a specialized card containing cryptographic information to achieve authentication.

A

Smart card authentication

440
Q

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

A

certificate authority (CA)

441
Q

A method of validating a certificate by tracing each CA that signs the certificate, up through the hierarchy to the root CA. Also referred to as chain of trust.

A

certificate chaining

442
Q

A Base64 ASCII file that a subject sends to a CA to get a certificate.

A

certificate signing request (CSR)

443
Q

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

A

Subject Alternative Name (SAN)

444
Q

A single SSL certificate that can be used to secure multiple, different domain names.

A

multi-domain certificates

445
Q

The method of using a digital signature to ensure the source and integrity of programming code.

A

code signing

446
Q

A list of certificates that were revoked before their expiration date.

A

certificate revocation list (CRL)

447
Q

Allows clients to request the status of a digital certificate, to check whether it is revoked.

A

Online Certificate Status Protocol (OCSP)

448
Q

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

449
Q

Allows a webserver to perform certificate status checking instead of the browser. The webserver checks the status of a certificate and provides the browser with the digitally signed response from the OCSP responder.

A

Certificate stapling

450
Q

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

A

script kiddie

451
Q

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

A

insider threat

452
Q

A type of threat actor that uses hacking and computer fraud for commercial gain.

A

organized crime

453
Q

A threat actor that is motivated by a social issue or political cause.

A

Hacktivists

454
Q

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

A

Advanced Persistent Threat (APT)

455
Q

A type of threat actor that is supported by the resources of its host country’s military and security services.

A

State actors

456
Q

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

A

Common Vulnerability Scoring System (CVSS)

457
Q

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

A

Buffer overflow

458
Q

A technique that randomizes where components in a running application are placed in memory to protect against buffer overflows.

A

Address Space Layout Randomization (ASLR)

459
Q

A form of malware protection designed to block applications (malware) that attempt to run from protected memory locations.

A

Data Execution Protection (DEP)

460
Q

The process of reviewing uncompiled source code either manually or using automated tools.

A

Static code analysis

461
Q

Exploit technique that runs malicious code with the ID of a legitimate process.

A

code injection

462
Q

A vulnerability that allows an attacker to transmit code from a remote host for execution on a target host or a module that exploits such a vulnerability.

A

remote code execution (RCE)

463
Q

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

A

LDAP injection

464
Q

Where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.

A

Command injection

465
Q

Exploiting a misconfiguration to direct traffic to a different VLAN without authorization.

A

VLAN hopping

466
Q

Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.

A

autonomous systems (AS)

467
Q

Analysis of the headers and payload data of one or more frames in captured network traffic.

A

Packet analysis

468
Q

Analysis of per-protocol utilization statistics in a packet capture or network traffic sampling.

A

Protocol analysis

469
Q

Command-line packet sniffing utility.

A

tcpdump command

470
Q

Widely used protocol analyzer.

471
Q

OS and applications software can be configured to log events automatically. This provides valuable troubleshooting information. Security logs provide an audit trail of actions performed on the system as well as warning of suspicious activity. It is important that log configuration and files be made tamper-proof.

472
Q

A widget showing records or metrics in a visual format, such as a graph or table.

A

Visualization

473
Q

Standards-based version of the Netflow framework.

A

IP Flow Information Export (IPFIX)

474
Q

A sign that an asset or network has been attacked or is currently under attack.

A

indicator of compromise (IOC)

475
Q

Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

A

Security information and event management (SIEM)

476
Q

In security scanning, a case that is reported when it should not be.

A

false positive

477
Q

In security scanning, a case that is not reported when it should be.

A

False negatives

478
Q

In security scanning, a case that is reported when it should be.

A

True positive

479
Q

In security scanning, a case that is not reported when it should not be.

A

true negative

480
Q

Specific procedures that must be performed if a certain type of event is detected or reported.

A

Incident response plans (IRP)

481
Q

The record of evidence history from collection, to presentation in court, to disposal.

A

chain of custody

482
Q

In digital forensics, the method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk.

A

Data acquisition

483
Q

A highly adaptable, open-source network scanner used primarily to scan hosts and ports to locate services and detect vulnerabilities.

484
Q

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

A

deauthentication attack

485
Q

An attack against Windows systems designed to replace the important DLLs needed by software applications with malicious alternatives.

A

DLL hijacking

486
Q

VM Escape

A

This VM exploit gives an attacker access to the underlying host operating systems and thereby access to all other VMs running on that host machine.